Tanya - Darknet Diaries Recap
Podcast: Darknet Diaries
Published: 2025-11-04
Duration: 48 min
Summary
In this episode, Jack shares his experience with the challenges of making security policies accessible and understandable within a corporate environment. Tanya Janca discusses her journey from software development to application security, highlighting the importance of understanding vulnerabilities and how they can be exploited.
What Happened
Jack recounts his time as a security engineer, where he realized that despite having a security policy available on SharePoint, its obscure naming and placement made it nearly impossible for employees to find. In a playful yet pointed test, he challenged his colleagues to locate the policy within 15 minutes, only to discover that none could succeed. This sparked a realization about the importance of clear communication and accessibility when it comes to critical security information.
As Jack continued to test subsequent batches of technicians, the results remained disheartening. He noted that even senior technicians struggled to locate the policy, emphasizing that the problem was not a lack of effort on their part, but rather the ineffective naming and storage of essential documents. Frustrated with the lack of action from security leadership, he suggested creative solutions to ensure the policy was front and center, but ultimately, no changes were made, leading to a continued cycle of audits with little real understanding of security protocols within the company.
The episode then transitions to Tanya Janca, who shares her compelling journey into the world of application security. After experiencing a vulnerability in one of her own applications, she became fascinated with security and began to focus on how to secure applications effectively. Tanya highlights the importance of thinking critically about how users might interact with software, often in ways that developers do not anticipate. Her story illustrates the shift from a developer mindset to a security-focused perspective, underscoring the necessity for developers to be aware of potential exploits and vulnerabilities in their work.
Key Insights
- Security policies must be easily accessible and well-named to be effective.
- Audits can reveal deeper issues in workplace culture and communication regarding security.
- Understanding how applications can be exploited is crucial for software developers.
- A mindset shift from building to breaking can enhance application security.